Date: Wed, 16 Mar 2005 16:33:28 +0200
From: Saulius Menkevicius <bob@nulis.lt>
To: freebsd-stable@freebsd.org
Subject: kern/71910 and IPFIREWALL_FORWARD_EXTENDED
Message-ID: <423843B8.6000601@nulis.lt>

Hello,

I wonder if the config setting IPFIREWALL_FORWARD_EXTENDED was meant to fix kern/71910? It adds #ifdef's around the following code in ip_output.c:

-----------------8<-----------------
	/* Or forward to some other address? */
	fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
	if (fwd_tag) {
#ifndef IPFIREWALL_FORWARD_EXTENDED
		if (!in_localip(ip->ip_src) && !in_localaddr(ip->ip_dst)) {
#endif
			dst = (struct sockaddr_in *)&ro->ro_dst;
			bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
			m->m_flags |= M_SKIP_FIREWALL;
			m_tag_delete(m, fwd_tag);
			goto again;
#ifndef IPFIREWALL_FORWARD_EXTENDED
		} else {
			m_tag_delete(m, fwd_tag);
			/* Continue. */
		}
#endif
	}
-----------------8<-----------------

Where the workaround for kern/71910 (at least it works for me) was:

-----------------8<-----------------
Index: ip_output.c =================================================================== RCS file: /FreeBSD-CVS/src/sys/netinet/ip_output.c,v retrieving revision 1.225.2.3 diff -u -b -r1.225.2.3 ip_output.c --- ip_output.c 15 Sep 2004 15:07:09 -0000 1.225.2.3 +++ ip_output.c 19 Sep 2004 15:51:42 -0000 @@ -713,7 +713,7 @@ /* Or forward to some other address? */ fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL); if (fwd_tag) { - if (!in_localip(ip->ip_src) && !in_localaddr(ip->ip_dst)) { + if (!in_localaddr(ip->ip_dst)) { dst = (struct sockaddr_in *)&ro->ro_dst; bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in)); m->m_flags |= M_SKIP_FIREWALL;
-----------------8<-----------------

Thanks,
Respectfully,
Saulius Menkevicius
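
Review bot: The changed `if` in the @@ -713 hunk of ip_output.c drops the `!in_localip(ip->ip_src)` test unconditionally, so every packet with a local source address that carries a PACKET_TAG_IPFORWARD tag now has its destination rewritten and `M_SKIP_FIREWALL` set, which means no later firewall pass sees it. That is a default behaviour change for all locally originated traffic matched by a forward rule, not only the kern/71910 case. I would keep the original condition as the default and make the relaxed check opt-in behind a kernel option, and add a comment above the `if` saying why `!in_localaddr(ip->ip_dst)` is still required while the source check is not. The hunk also ends before the `else` branch, so please confirm the tag is still deleted on the path where the condition is false.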